Skills
skills/coinmarketcap-official/skills-for-ai-agents-by-coinmarketcap/cmc-api-exchange/Gen Agent Trust Hub

cmc-api-exchange

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation contains several examples of network requests using the Bash tool to execute curl commands. These requests are directed at https://pro-api.coinmarketcap.com, which is a well-known service and the official API endpoint for CoinMarketCap. These downloads are part of the skill's intended functionality for fetching market data.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it facilitates the ingestion of data from an external API.
  • Ingestion points: The agent is designed to process JSON formatted data from various endpoints such as /v1/exchange/listings/latest and /v1/exchange/assets.
  • Boundary markers: There are no explicit instructions in the skill to use delimiters or defensive prompting to ignore potential instructions embedded within the API responses.
  • Capability inventory: The skill utilizes the Bash tool for data retrieval and the Read tool for accessing local documentation.
  • Sanitization: The provided reference materials do not specify any validation or sanitization routines for the content received from the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 06:15 AM